martin-g commented on PR #1432: URL: https://github.com/apache/wicket/pull/1432#issuecomment-4325752149
You can! But I won't do it myself for two reasons: 1) the CVE creation process is very unfriendly. It used to be a copy/paste of a template and adaptation of few placeholders like the title, description and severity. Now it is a big complex web form with many fields which I have no idea how to populate correctly 2) you reported the issue publicly and thus made it a 0-day vulnerability ... So, it is a bit late for this. The proper way is to report it to the maintainers first - https://wicket.apache.org/help/#security & https://www.apache.org/security/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
